cda

Now published through @CarnegieEndow – "Iran’s Cyber Threat: Espionage, Sabotage, and Revenge" – the decade long history of Iranian cyber operations against foreign and domestic targets. By me and @ksadjadpour. carnegieendowment.org/2018/01/04/ira…

TIL: during World War II, the British spread Shahnameh posters around Iran portraying Hitler as Zahhak, conquered by Churchill, Roosevelt, and Stalin.

@mahdi Substantial number of Americans do not have an ID that includes citizenship status, turns over state voter data to the federal government (which has been abusing datasets), interferes with mail-in registration. Voter fraud is not real, sole intent is to disenfranchise voters.

Could a Democrat explain to me their opposition to the SAVE America Act? It’s clear that voting requires citizenship and proof of identity through a Voter ID.

@Vatangogh I think the biggest problem isn't even RF related, it's people connecting to Starlink with Bale, Rubika, and Eitaa, or a banking app, installed. Easy to find when you have a real identifier and cell phone location, and traffic exiting a Starlink AS.

من در حوزه سیستم‌های وایرلس تخصص دارم. با توجه به بحث‌هایی که این روزها درباره #استارلینک و امکان ردیابی آن مطرح می‌شود، لازم است چند نکته فنی را توضیح بدهم. به طور کلی یک ترمینال استارلینک (دیش کاربر) دو نوع سیگنال قابل توجه تولید می‌کند: ۱- سیگنال Wi-Fi مودم استارلینک این همان وای‌فای معمولی است که مودم استارلینک برای اتصال گوشی و لپ‌تاپ منتشر می‌کند و در باندهای ۲.۴ و ۵ گیگاهرتز کار می‌کند. برد معمول این سیگنال در محیط شهری معمولاً حدود ۳۰ تا ۵۰ متر است. با توجه به اینکه در شهرها هزاران شبکه Wi-Fi فعال وجود دارد، تشخیص اینکه یک سیگنال خاص متعلق به مودم استارلینک است معمولاً کار ساده‌ای نیست مگر اینکه به‌طور خاص به دنبال آن باشند. ۲- سیگنال ارتباط ماهواره‌ای دیش استارلینک دیش استارلینک با استفاده از یک آنتن آرایه فازی (Phased Array) با ماهواره‌ها ارتباط برقرار می‌کند. این ارتباط معمولاً در باند Ku و حدود ۱۰ تا ۱۵ گیگاهرتز انجام می‌شود. این سیگنال به صورت جهت‌دار (Directional) و عمدتاً به سمت آسمان و ماهواره‌ها ارسال می‌شود. به همین دلیل انرژی بسیار کمی از آن به سمت زمین منتشر می‌شود. با این حال ممکن است مقدار کمی از انرژی از طریق لوب‌های جانبی (Side Lobes) یا نشتی سیگنال قابل دریافت باشد. در شرایط مختلف، برد تقریبی تشخیص این نشتی سیگنال می‌تواند به شکل زیر باشد: سیگنال نسبتاً قوی: با دستگاه‌های عمومی تشخیص RF و آنتن‌های همه‌جهته (Omni-Directional) در فاصله حدود ۵۰ تا ۲۰۰ متر ممکن است قابل تشخیص باشد. سیگنال متوسط: با استفاده از آنتن‌های جهت‌دار (Directional) و تجهیزات دارای تقویت‌کننده سیگنال (LNA) در شرایط نسبتاً مناسب تا حدود چند صد متر ممکن است قابل دریافت باشد. سیگنال بسیار ضعیف: در صورت وجود دید مستقیم (Line of Sight) و استفاده از تجهیزات حرفه‌ای پایش طیف (Spectrum Monitoring) ممکن است در بهترین شرایط تا حدود ۱ تا ۲ کیلومتر قابل تشخیص باشد. نکته مهم این است که در فرکانس‌های حدود ۱۴ گیگاهرتز امواج رادیویی تقریباً رفتاری شبیه نور دارند؛ بنابراین ساختمان‌ها، درختان و موانع شهری به شدت سیگنال را تضعیف می‌کنند. به همین دلیل در محیط‌های شهری متراکم، پیدا کردن یک دیش استارلینک صرفاً از طریق نشتی سیگنال رادیویی کار ساده‌ای نیست و معمولاً به تجهیزات تخصصی و زمان جستجوی قابل توجه نیاز دارد. با این حال برای افزایش امنیت و احتیاط بیشتر می‌توان چند توصیه ساده را رعایت کرد: ۱. از وای‌فای داخلی مودم استارلینک استفاده نکنید. بهتر است مودم را با کابل به یک Access Point جداگانه وصل کنید و وای‌فای را از آن دریافت کنید. ۲. دیش را تا حد امکان از دید پنهان کنید. بهتر است دیش در جایی قرار گیرد که از خیابان، ساختمان‌های اطراف یا حتی تصاویر هوایی به راحتی قابل مشاهده نباشد. ۳. استفاده از پوشش فلزی در اطراف دستگاه قرار دادن دیش در یک محفظه یا قاب فلزی که از اطراف بسته و از بالا باز باشد می‌تواند تا حدی انتشار سیگنال‌های جانبی به اطراف را کاهش دهد. البته این کار باید با فاصله مناسب انجام شود تا در عملکرد آنتن اختلال ایجاد نکند و تهویه دستگاه نیز حفظ شود. در مجموع، اگرچه از نظر تئوری امکان تشخیص سیگنال وجود دارد، اما در محیط‌های شهری شلوغ، شناسایی دقیق محل یک ترمینال استارلینک بدون تجهیزات تخصصی کار پیچیده و زمان‌بری است. به امید روزی که به این راهنمایی ها نیاز نداشته باشیم. #استارلینک #امنیت #سیگنال #آموزش

@ettingermentum Converse is true as well. American history is easier to write off as uniformly bad without that context, propping up the most obnoxious tendencies on the left. History provides the chance to see one’s self as the inherenter of an ever present moral righteousness.

It’s a very strong point against the handwaving that anyone who did awful things back then was just a product of their times. A lot of people went really far out of their way to do these things.

One of the most fascinating things about studying this period of American history is learning about how many awful things spoken about as inevitable events, like this and even manifest destiny more broadly, were actually hotly politically contested and often only barely won.

@TjelmaF @VVD @groenlinks @D66 Looks like a nice meal with friendly people.

So true @VVD @groenlinks @D66 @CDA buig maar

The human cost of Trump's war of choice in Iran is unconscionable & unjust—this Administration is threatening lives with its reckless decision making & disregard for humanity. I joined @MSNOWNews to discuss.

@sinamiki92 @kambizhosseini @AlanEyre1 No. Not my point. I assume even that Mojtaba is more murderous than his father. The sole point above is the question of whether Mojtaba represents a shift with more IRGC control. Whereas his father exercised greater control. Balance of power between Qom and the IRGC.

There is nothing softc, halfway, or special about someone who kills innocent people (children, women, elderly) so brutally like hjs father did. If he will do the same, he is exactly the same. What you are saying is that he is halfway there cause after he kills, he washes his hands with a nicer soap.

Before the tsunami of analysis drowns us all, let's flag the most important fact about this appointment (assuming he lives through the war): His appointment certainly indicates 'regime change,' marking the end of the theological/ideological aspect of the lslamic Republic of Iran and the beginning of Iran as an IRGC-dominated police-military-security state.

@sinamiki92 @kambizhosseini @AlanEyre1 Soft as in 'indirect', 'halfway', as in it's not all an outright IRGC overthrow of velayat-e faqih; I didn't mean "soft" as is humane, moral, non-murderous. Bad word choice on my part.

@CDA @kambizhosseini @AlanEyre1 Always ask this: does he kill people again when they go out and protest? If you say yes, he is the same. If not, he is “softer”. You tell me yourself what you think.

@hkashfi Oh holy crap, I sat on a VMWare cluster of his C2s for forever a decade ago, found his Jabber log on VT too. Bye, Mehdi Mahdavi. Got what you had coming.

Recent updates and surfaced photos now confirms that Mehdi Farhadi, a known and FBI wanted cyber threat actors affiliated with the MoIS, was killed in a targeted attack in Hamedan on March 2nd. This marks as the 3rd document cyber-related kinetic action against Iranian MoIS/IRGC affiliated hackers.

Finally got some breathing room, so here's a quick recap of the cyber side of IR/US ongoing war: 1. Right after the first strikes by US, within the first hours, multiple popular (pro regime) news agencies and outlets were compromised at the same time. Legitimate looking news contents were injected to the front page, aimed at degrading morale of pro-regime force by typical PSYOPS tactics. Sites were quickly taken down and restored. 2. Shortly after that, BadeSabaa (Prayer time app), a popular mobile app with 30+ Million installations (from Iranian app store) was hijacked and used to send push notifications to users. This time the target audience was mostly army members, calling them to surrender and join the people, if they want to survive. This app is an interesting pick, not just because it has a high number of downloads. Users of the app are particularly religious people and have higher chance to be also pro-regime and within body of the army. One important but seemingly ignored fact about this app is that it requests location access to operate. It's safe to assume most users allow that for more accurate prayer time results. It's also safe to assume that, if the app backend is compromised enough to allow sending push notifications, it's safe to assume that any telemetry logs and data from the app would be also compromised. Correlating telemetry with unique device ID for that large user base can be (ab)used in many different and interesting ways! Not that it has been the case. * Rumors circulated that EITAA, an Iranian popular messaging app, was also taken down and no longer accessible. That turned out to be just a rumor as I verified. 3. Iran internet went in full blackout mode again. Not that this had anything to do with a cyber operation. Initially starting from MCI and expanding to the entire country within a day. Like in previous case, there are still a small fraction of hosts that remain accessible from outside, but if you have been logging previous round's data and compare it with current one, you might notice interesting discrepancies ;) This is likely a multi-reason effort to contain exposure of impact of strikes, possible denial of service to smaller drones (which turned out a failed assumption and attempt during IR/IL war too) and finally to have a veil over any potential aggression towards upcoming unrests and protests by people in the streets. 4. During second day of strikes, Iranian national TV's Channel 3 satellite streams (IntelSat) were hijacked (2nd time since recent protests) and videos of Trump and Netanyahu speeches were broadcasted instead. Again, expected PSYOPS move considering the situation. Other covert operations have been also in progress, which I guess we might be hearing about them (or not) in near future. I will be occasionally updating this as a thread, if more notable cyber attacks takes place.

@kambizhosseini @AlanEyre1 I don't think Alan's calling him an MBS, I think he's saying that Mojtaba is a soft version of the IRGC coup that people have been forecasting for decades. That he's more embedded in (or to venture further, under the control of) Sepah, than Qom.

@AlanEyre1 Oh… Alan! We love you. Let us keep loving ou. You are always welcome in Shiraz and at Hafez’s tomb whenever you like, once they are gone. But you’re dead wrong, my friend. Mojtaba is the same. There is no Bin Salman here, there is another Khameneiiiiiiiiiii...

@kafz1 Goal is to confuse American foreign policy establishment, who in four decades never really conquered the distinction between Khomeini and Khamenei.

اصلا با چه منطقی میشه مجتبی را رهبر کرد؟ کدام کار سیاسی را انجام داده؟ کدام پست را داشته؟ چه هویت سیاسی و اجتماعی داشته؟ کی با مردم حرف زده؟ اصلا کی تا به حال این بابا را دیده؟ شغلش چه بوده؟

@lionel_trolling Depends on what the successor state is, and for whom you're benchmarking the sentiment.

Supposing the regime falls, wouldn't the successor state be forever illegitimate and felt as a foreign imposition in the same way the Shah was?

@hmajd Honestly, the level of standpoint deference arguments going on might make this the wokest war ever. x.com/IranIntl_En/st…

"I love the smell of napalm in the morning." (And the bombing of Cambodia and Laos.) Truly woke.

Mood. youtube.com/watch?v=2_9fDG…

@hdagres Where can I put my life savings on mullah bae Ahmad Khomeini.

Polymarket is betting on three candidates for Iran's Supreme Leader: - Hassan Khomeini, grandson of Ruhollah Khomeini - Alireza Arafi, member of the Guardian Council - Gholam-Hossein Mohseni-Ejei, Judiciary Chief

@AjitPai @UN @Refugees Conversely, Oriana Fallaci in the Times a few months later. nytimes.com/1979/10/07/arc…

Some other quotes from the op-ed (whose author was appointed by @UN @Refugees in 2008 as "Special Rapporteur on the situation of human rights in the Palestinian territories"): - "The news media have defamed [Ayatollah Khomeini] in many ways, associating him with efforts to turn the clock back 1,300 years, with virulent anti‐Semitism." - "More even than any third‐world leader, he has been depicted in a manner calculated to frighten." "[Khomeini] has also indicated that the nonreligious left will be free to express its views in an Islamic republic." - "To suppose that Ayatollah Khomeini is dissembling seems almost beyond belief." - "What is also encouraging is that his entourage of close advisers is uniformly composed of moderate, progressive individuals" who "share a notable record of concern for human rights and seem eager to achieve economic development that results in a modern society." nytimes.com/1979/02/16/arc…

In Feb. 1979, the @nytimes ran “Trusting Khomeini,” an op-ed from a @Princeton “expert” who opined: “Having created a new model of popular revolution based, for the most part, on nonviolent tactics, Iran may yet provide us with a desperately-needed model of humane governance.”

@HassanRouhani yo, you were a total wuss, especially with the lame charter of rights and then your anemic second term. they killed your mentor, kicked you out the guardian counsel. now's the time to get your revenge. be a legend.

"Can we get rid of this ayatollah T-shirt? Khomeini died years ago." "But, Marge, it works on any ayatollah-- Ayatollah Nakhbadeh, Ayatollah Zahedi. As we speak, Ayatollah Razmara and his cadre of fanatics are consolidating their power." "I don't care who's consolidating their power."

@deanwball Wasn't about contract terms, was about the moratorium. This was preceded by months of saber rattling from the WH over Anthropic's speech. Terms was pretext and the retaliation shows the lie. Focusing on the excuse misses the (rights violating) forest for the (bureaucratic) trees.

We desperately need de-escalation here, but the actors involved seem to only be capable of escalation. I wish Anthropic had accepted the same terms as OAI; I think they probably made a mistake in rejecting the compromise. But that does not mean the government should destroy them.

@SohrabAhmari Iranian @lionel_trolling?

The Millennial hipster military analyst on state TV.